Protocol Insecurity with Assertions

by   R Ramanujam, et al.

In the study of symbolic verification of cryptographic protocols, a central result due to Rusinowitch and Turuani [2003] is that the insecurity problem (deciding whether a protocol admits an execution which leaks a designated secret to the intruder) for security protocols with finitely many sessions is NP-complete. Central to their proof strategy is the observation that any execution of a protocol can be simulated by one where the intruder only communicates terms of bounded size. They prove this by analyzing how variables used in the protocol can be instantiated in different contexts by the intruder. However, when we consider protocols where, in addition to terms, some logical statements or "assertions" about the terms (as presented by Ramanujam, Sundararajan, and Suresh [2017]) are also communicated, the analysis of the insecurity problem becomes tricky. In this paper we consider the insecurity problem for protocols with a class of assertions that includes equality on terms and existential quantification. The intruder can potentially exploit the fact that witnesses for existential quantifiers may be unbounded, and obtaining small witness terms while maintaining equality proofs complicates the analysis considerably. We use a notion of well-typed equality proofs that helps in bounding the sizes of the terms involved, and show that the insecurity problem for assertions is in NP.


page 1

page 2

page 3

page 4


Solving the insecurity problem for assertions

In the symbolic verification of cryptographic protocols, a central probl...

CryptoBap: A Binary Analysis Platform for Cryptographic Protocols

We introduce CryptoBap, a platform to verify weak secrecy and authentica...

The complete classification for quantified equality constraints

We prove that QCSP(ℕ;x=y→ y=z) is PSpace-complete, settling a question o...

Protocol Analysis with Time

We present a framework suited to the analysis of cryptographic protocols...

CryptoVampire: Automated Reasoning for the Complete Symbolic Attacker Cryptographic Model

Cryptographic protocols are extremely hard to design and prove correct, ...

Securely Computing the n-Variable Equality Function with 2n Cards

Research on the area of secure multi-party computation using a deck of p...

Homomorphisms and Minimality for Enrich-by-Need Security Analysis

Cryptographic protocols are used in different environments, but existing...

Please sign up or login with your details

Forgot password? Click here to reset